const jwt = require('jsonwebtoken');
const fs = require("fs");
const path = require("path")

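// RSA public key used to verify tokens, loaded on first use and then cached so
// the PEM file is not re-read synchronously on every request. Replacing the
// key file on disk therefore takes effect only after a process restart.
let cachedPublicKey = null;

// Signature algorithms accepted for this RSA key. Pinning the list means a
// token whose header names an HMAC algorithm or "none" is rejected regardless
// of the library's defaults. Narrow this to the single algorithm the token
// issuer actually uses once that is confirmed.
const ALLOWED_JWT_ALGORITHMS = ['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512'];

/**
 * Express middleware that authorises a request by verifying the JWT sent in
 * the X-ACCESS-TOKEN header and checking that its payload names the user
 * stored in the current session.
 *
 * The token must carry a valid RSA signature for ../key/rsa_public_key.pem and
 * its decoded payload must be a non-empty string strictly equal to
 * req.session.username. On success next() is called; otherwise the rejection
 * body { code: 0, msg: ... } is sent.
 *
 * NOTE(review): the rejection is sent with the default HTTP status. That is
 * kept for client compatibility; a 401 would let proxies and monitoring see
 * failed authorisation attempts.
 *
 * @param {object} req - Express request; reads the X-ACCESS-TOKEN header and req.session.username.
 * @param {object} res - Express response, used only to send the rejection body.
 * @param {Function} next - Invoked when the token matches the session user.
 */
module.exports = function (req, res, next) {
  function reject() {
    res.send({ code: 0, msg: '非法操作' });
  }

  const token = req.get("X-ACCESS-TOKEN");
  if (typeof token !== 'string' || token === '') {
    // No token supplied: reject without touching the key or the verifier.
    return reject();
  }

  if (cachedPublicKey === null) {
    cachedPublicKey = fs.readFileSync(path.resolve(__dirname, '../key/rsa_public_key.pem'));
  }

  jwt.verify(token, cachedPublicKey, { algorithms: ALLOWED_JWT_ALGORITHMS }, function (err, decoded) {
    if (err) {
      return reject();
    }

    // The decoded payload is deliberately not logged: token claims identify
    // the user and do not belong in application logs.
    const sessionUser = req.session && req.session.username;

    // Strict, type-checked comparison. Loose equality would treat a null
    // payload as equal to an unset session username, and would coerce
    // non-string values before comparing.
    const payloadMatchesSession =
      typeof decoded === 'string' &&
      decoded !== '' &&
      typeof sessionUser === 'string' &&
      decoded === sessionUser;

    if (!payloadMatchesSession) {
      return reject();
    }
    next();
  });
};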